Case 3:17-cv-05659-WHA Document 590 Filed 07/23/19 Page 1 of 5
`
`IN THE UNITED STATES DISTRICT COURT
`
`FOR THE NORTHERN DISTRICT OF CALIFORNIA
`
`FINJAN, INC.,
`Plaintiff,
`
` v.
`JUNIPER NETWORKS, INC.,
`Defendant.
` /
`
`No. C 17-05659 WHA
`
`ORDER RE SHOW CAUSE
`ORDER
`
`An order denying plaintiff Finjan, Inc.’s motion for summary judgment of infringement
`of Claim 1 of United States Patent No. 8,141,154 (“the ’154 patent”) further ordered the parties
`to show cause as to why the Court should not enter judgment of noninfringement in favor of
`defendant Juniper Networks, Inc. (Dkt. No. 459 at 12).
`As background, the ’154 patent is directed toward a system and method “for protecting
`a client computer from dynamically generated malicious content” and statically generated
`conventional viruses (’154 patent, Abstract). The basic set up of the ’154 patent’s purported
`invention involves “[t]hree major components”: (1) gateway computer, (2) client computer,
`and (3) security computer (id. at 8:45–46). A preferred embodiment describes a gateway
`computer that intercepts content being sent to the client computer for processing (id. at
`8:48–51). The gateway computer modifies the content by replacing the call to the original
`function with a corresponding call to a substitute function, which operates to send the input of
`the original function to a security computer for inspection (id. at 5:10–12). The gateway
`computer then transmits “the modified content” to the client computer, which processes the
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`For the Northern District of California
`
`United States District Court
`
`

`

`Case 3:17-cv-05659-WHA Document 590 Filed 07/23/19 Page 2 of 5
`
`modified content (id. at 5:14–16). When the substitute function is invoked, the client computer
`transmits the input to the security computer for inspection (id. at 5:16–18). The security
`computer then inspects the input and transmits “an indicator of whether it is safe for the client
`computer to invoke the original function with the input” (id. at 5:20–22). The client computer
`invokes the original function “only if the indicator . . . indicates that such invocation is safe”
`(id. at 5:22–25).
`Claim 1 of the ’154 patent reads as follows (’154 patent at 17:32–44 (emphasis added)):
`1.
`A system for protecting a computer from dynamically generated
`malicious content, comprising:
`a content processor (i) for processing content received
`over a network, the content including a call to a first
`function, and the call including an input, and (ii) for
`invoking a second function with the input, only if a
`security computer indicates that such invocation is safe;
`a transmitter for transmitting the input to the security
`computer for inspection, when the first function is
`invoked; and
`receiver for receiving an indicator from the security
`computer whether it is safe to invoke the second function
`with the input.
`In construing the term “content processor,” the prior order denying Finjan’s summary
`judgment motion found that a person of ordinary skill in the art would have understood the
`“content processor” in Claim 1 to process modified content (Dkt. No. 459 at 7). This was
`based in part on the fact that the specification itself described the “present invention” as
`“operat[ing] by replacing original function calls with substitute function calls within the
`content, at a gateway computer, prior to the content being received at the client computer” (id.
`at 7 (citing ’154 patent at 4:55–60) (emphasis added)). In light of the foregoing construction,
`that order found that on the then-current record, the accused products did not infringe and
`accordingly denied Finjan’s motion (id. at 11).
`In response to the order to show cause, Finjan marshals additional evidence and asserts
`that the three accused products — SRX Series Gateways, Sky Advanced Threat Prevention,
`and Advanced Threat Prevention Appliance — infringe under the foregoing construction.
`Specifically, Finjan argues that each of those three products process “modified content,”
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`2
`
`For the Northern District of California
`
`United States District Court
`
`

`

`Case 3:17-cv-05659-WHA Document 590 Filed 07/23/19 Page 3 of 5
`
`including: (1) content modified for malicious URL redirection; (2) content modified by
`encryption; and (3) content modified by buffering and building.
`Juniper counters that Finjan improperly attempts to “redefin[e] the meaning of
`‘modified content’ to include ‘original content’ ” (Dkt. No. 479 at 1). This order agrees. As
`explained in the order denying Finjan’s motion for summary judgment, the “content processor”
`processes content that includes (Dkt. No. 459 at 7):
`“first function” [that] clearly involves the “substitute function,” which
`sends the content’s input to the security computer for inspection once
`invoked. According to the specification, the substitute function exists
`only after the original content is modified at the gateway computer (see,
`e.g., ’154 patent at 9:13–28). Accordingly, the claimed “content”
`necessarily refers to modified content.
`Here, Finjan offers theories of infringement that purportedly involve a “content
`processor” that processes “modified content.” But Finjan’s proffered forms of “modified
`content” do not fit within the scope of the claim language. True, the aforementioned forms of
`content may have been modified in some way at some time. But as Juniper points out, none of
`Finjan’s new theories involves original content modified with a substitute function (which
`function sends the content to the security computer when invoked) at the gateway computer, as
`required by the ’154 patent.
`First, Finjan argues that the three accused products process modified content because
`“[h]ackers often compromise a web site and manipulate the content hosted on the web server
`before it is delivered to the user” and that the accused products “process this modified content
`in order to protect the user from hackers” (Dkt. No. 474 at 1). But this ultimately amounts to
`the original content initially received by the claimed system. The “modified content” Finjan
`proposes under this theory does not involve a substitute function as required by Claim 1.
`Second, Finjan contends that the accused products process content modified through an
`encryption algorithm (id. at 3, 5, 7). It asserts that the SRX “receives and processes content
`that has been modified by a remote server through cryptographic protocols, such as ‘Transport
`Layer Security’ (“TLS”) and ‘Secure Socket Layer’ (“SSL”) (id. at 3). And, Sky ATP and
`ATP Appliance process content modified through encryption such as SSL, with ATP
`Appliance including a “specific functionality for the processing of encrypted content,”
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`3
`
`For the Northern District of California
`
`United States District Court
`
`

`

`Case 3:17-cv-05659-WHA Document 590 Filed 07/23/19 Page 4 of 5
`
`according to Finjan (id. at 5, 7–8). The accused products also process compressed data (e.g.,
`zip file), which Finjan asserts constitutes modified content (id. at 4, 6, 8). But again, these
`“modifications” occur before the content is sent to the gateway computer. Moreover, the
`“modifications” do not fall within the meaning of Claim 1, as they do not involve a “substitute
`function” as disclosed in the specification.
`Third, Finjan argues that the accused products process modified content because said
`content has been “buffered” or “chunked.” As to the SRX, Finjan argues that “the
`AAMW_transport_module (which is what sends the sample to the Sky ATP) is a ‘content
`processor’ that receives the buffered and chunked, and therefore ‘modified’, content while the
`content is being processed by the component of the SRX Gateway that will transfer the content
`to the security computer” (id. at 4). Sky ATP processes modified content, according to Finjan,
`because “the data that the SRX Gateway receives is buffered and built into the modified
`content that is sent to the content processor in Sky ATP” (Dkt. No. 474 at 6). Finjan also
`contends that ATP Appliance processes modified content because “it receives content together
`with metadata” (id. at 8). It further points to evidence that the SRX “modifies the content
`because it intercepts the request, buffers it, replaces the get request with its own, and its own ip
`address, and processes the response before sending it to” Sky ATP and ATP Appliance for
`further processing (id. at 6, 9).
`As Juniper points out, however, under this theory, the content is simply broken into
`pieces for processing, not “modified” within the meaning of Claim 1. Nor has Finjan shown
`that the “get request” and “ip address” replacements constitute the “substitute function”
`involved in the claimed “modified content.” Finjan’s metadata theory similarly fails, as it
`offers no evidence that modification with metadata constitutes a “substitute function” within
`the meaning of Claim 1.
`Moreover, Finjan’s doctrine of equivalents arguments fail to sufficiently raise an issue
`of fact. It first argues that the accused products “perform the same function performed as a
`‘content processor’ because they will process content that was received from the internet that
`has been modified to be encrypted, harmful or malicious, and allow the use of a security
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`4
`
`For the Northern District of California
`
`United States District Court
`
`

`

`Case 3:17-cv-05659-WHA Document 590 Filed 07/23/19 Page 5 of 5
`
`computer to determine if it is safe to invoke a function with an input to a function in the
`content” (id. at 9). Again, this simply amounts to the “original content” under the ’154 patent
`and thus cannot reasonably be equivalent to the claimed “modified content.”
`Finjan next asserts that the accused products “use modified content, as the content is
`modified via the accused products so that the original ‘first function,’ which was to directly
`contact the given location on the Internet (the input), instead sends the input to a security
`processor for further processing” (id. at 10). As Juniper points out, however, Finjan fails to
`point to any real evidence supporting this notion. It merely cites to paragraph 111 of the
`Mitzenmacher declaration, which in turn simply regurgitates the same conclusory language as
`in the briefing. Such self-serving evidence fails to raise a triable issue.
`Finally, Finjan contends that Juniper “sandbagged” Finjan in raising a new claim
`construction in its opposition brief (Dkt. No. 474 at 11–14). But that does not explain why
`Finjan failed to offer any support in its reply brief under the adopted construction. Nor is
`Finjan’s complaint that “it would be procedurally unfair to exclude Finjan from presenting a
`full infringement case for Claim 1” of the ’154 patent persuasive — the order to show cause
`was issued precisely to give Finjan the fair opportunity to present evidence of infringement
`under the adopted construction. And, Finjan took full advantage of this opportunity by filing
`pages upon pages of briefing, declarations, and exhibits.
`At bottom, this order finds that Finjan failed to raise a triable issue of fact, even when
`construing the evidence in the light most favorable to Finjan. Accordingly, summary judgment
`of noninfringement of Claim 1 of the ’154 patent in favor of Juniper is GRANTED.
`
`IT IS SO ORDERED.
`
`Dated: July 23, 2019.
`
`
`WILLIAM ALSUP
`UNITED STATES DISTRICT JUDGE
`
`1 2 3 4 5 6 7 8 9
`
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`For the Northern District of California
`
`United States District Court
`
`5
`
`